Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

Jenkins Arbitrary File Read via Crafted CLI Command (CVE-...

CVE-2018-1999002 let attackers read arbitrary files from Jenkins masters via crafted requests to the Stapler framework, exposing secrets and credentials.

Nov 25, 20258 min read
DevSecOps

TeamCity Authentication Bypass Exploited by Nation-State ...

A critical TeamCity authentication bypass, CVE-2023-42793, let APT29 and North Korean hackers seize build servers for supply chain attacks.

Nov 25, 20257 min read
DevSecOps

TeamCity Authentication Bypass Enabling Admin Account Cre...

CVE-2024-27198 lets unauthenticated attackers bypass TeamCity login and create admin accounts, with active exploitation and ransomware activity observed.

Nov 25, 20257 min read
DevSecOps

GitLab Unauthenticated RCE via ExifTool Image Processing ...

CVE-2021-22205 let attackers gain unauthenticated RCE on self-hosted GitLab via ExifTool image parsing. Here's the affected versions, severity, timeline, and fixes.

Nov 24, 20257 min read
DevSecOps

Argo CD Path Traversal via Malicious Helm Chart values.ya...

CVE-2022-24348 let attackers use a malicious Helm chart to path-traverse Argo CD's repo-server, exposing secrets across GitOps applications. Here's the fix.

Nov 24, 20257 min read
Industry Analysis

Best SLSA-compliant build systems

A fair comparison of SLSA compliant build systems—GitHub Actions, Cloud Build, GitLab, Tekton Chains—with real strengths and limitations for Build Level 3.

Nov 18, 20258 min read
Buyer's Guides

Best container image scanning tools

A practical comparison of container image scanning tools — Trivy, Grype, Snyk, Docker Scout, Clair, and Anchore — with real strengths, limits, and how to pick one.

Nov 17, 20257 min read
Container Security

Container image supply chain attack trends

Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.

Nov 17, 20258 min read
AI Security

Agentic AI Supply Chain Vulnerabilities

Agentic AI systems trust tools and models at runtime, not build time. Real 2024-2025 incidents show how MCP servers and AI packages become supply chain attack vectors.

Nov 17, 20257 min read
Buyer's Guides

Best SAST tools for enterprise applications

A practical buyer's guide comparing top SAST tools for enterprise apps -- strengths, limitations, and how Safeguard unifies findings across your pipeline.

Nov 17, 20258 min read
Container Security

Container registry credential leak trends

2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.

Nov 16, 20256 min read
Buyer's Guides

Best IAST tools for runtime application security testing

A practical, no-fluff comparison of IAST tools for runtime application security testing — evaluation criteria, honest vendor tradeoffs, and where supply chain risk still slips through.

Nov 16, 20257 min read
devsecops (Page 40) — Safeguard Blog